package com.bagua.sbbcshop.auth;

import com.bagua.sbbcshop.config.ApiConfig;
import com.bagua.sbbcshop.tool.BrowserUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


/**
 * 拦截校验身份
 * @author xhou
 */
public class AuthorizationInterceptor implements HandlerInterceptor {

    @Autowired
    private TokenManager tokenManager;
    private Logger log = LoggerFactory.getLogger(AuthorizationInterceptor.class);

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
        String header = request.getHeader(ApiConfig.JWT_TOKEN_HEADER_PARAM);
        String path = request.getRequestURI();
//        log.info("#####preHandle####"+path+"##header##"+header);
        //放开 accessToken刷新接口和安全检查接口
        if (path.contains("/error") ) {
            return true;
        }
        if (header == null || "".equals(header)) {
            response.setStatus(401);
            return false;
        }
        String tokenKey = header.replace(ApiConfig.JWT_TOKEN_HEADER_PREFIX, "");
        if (BrowserUtil.isWXBrowser(request)) {//微信浏览器
            if (!ApiConfig.PATH.contains(path)) {
                //非注册登录接口需要接口验证
                if (!tokenManager.checkToken(tokenKey)) {
                    response.setStatus(401);
                    return false;
                }
            }
        } else {//非微信浏览器的处理
            //非微信浏览 放过的接口
            if (ApiConfig.PATH.contains(path)) {
                if (!tokenManager.checkToken(tokenKey)) {
                    response.setStatus(401);
                    return false;
                }
            }
        }
        response.setHeader(ApiConfig.JWT_TOKEN_HEADER_PARAM, ApiConfig.JWT_TOKEN_HEADER_PREFIX + tokenKey);
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE,PUT");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Expose-Headers", "X-Authorization");
        response.setHeader("Access-Control-Allow-Headers", "user-agent,custId,Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With, Language, S-Authorization, Accept, X-Cookie");
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
//        String header = response.getHeader(ApiConfig.JWT_TOKEN_HEADER_PARAM);
//        String path = request.getRequestURI();
//        log.info("#####postHandle####"+path+"##header##"+header);
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
//        String header = response.getHeader(ApiConfig.JWT_TOKEN_HEADER_PARAM);
//        String path = request.getRequestURI();
//        log.info("#####afterCompletion####"+path+"##header##"+header);
    }

}
